Senior Associate, Cyber and Digital Risk Management

Banco SantanderDallas, TX
8h
Match Resume

About The Position

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible. This is more than a strategic shift. It’s a chance for driven professionals to grow, learn, and make a real difference. If you are interested in exploring the possibilities We Want to Talk to You! The Sr Associate Cyber and Digital Risk Management monitors activities to minimize the company's exposure to information security risks. Activities may include 2nd line of defense independent assurance over technical cyber risk analysis, risk identification and remediation. The incumbent shall support the preservation of digital trust and ensure that the oversight is adequate to minimize compliance and regulatory risk by resolving issues and ensuring adherence to industry good practice frameworks, company and legal standards. Responsible for ensuring that the company's activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions, as they relate to the management of cyber and digital risks. The Senior Associate, Cyber and Digital Risk Management is responsible for independent risk management and assurance activities over the assigned business area’s technology footprint covering Information Security, Cyber Resilience, Cyber Fraud and Data Security (incl. Retention and Disposal) as part of the second line of defense Technology Risk Management organization. The incumbent develops and maintains an effective Information Security Risk oversight program that enables the assigned business area to comprehensively identify, assess, mitigate, manage, monitor and report technology risk, including performing technical risk reviews of identified domains. This role is established in the second line of defense and requires collaboration across CISO, Data Office, IT, Operational Risk, Internal Audit and other relevant functional stakeholders within the organization in the management of Cybersecurity risks. An excellent understanding of the evolving regulatory landscape in the US and EU are vital for success in this role. The day-to-day focus may vary depending on the requirements of the overall second line of defense program priorities directed by the Head of Technology Risk and may include: planned or ad-hoc technical risk review and challenge, review of Technology or Business initiatives, Ongoing risk monitoring activities, Risk reporting, development of technical risk framework and methodologies. The team to support the oversight of cybersecurity risks will comprise of individuals aligned against the core coverage areas noted above. This is an individual contributor role but will require people and stakeholder management skills to operate effectively in a 2nd line of defense role in a matrix organization.

Requirements

  • Bachelor's Degree in a technical discipline or equivalent work experience: Computer Science, Information Technology, Information Systems, Information Security. Req
  • Master's Degree in related technical disciplines. Pref
  • Professional Certifications in Cybersecurity. Req.
  • Professional Certifications in Cloud Security (AWS, Azure). Pref
  • Demonstrated expertise and track record in information security and cyber risk management, and ability to perform at an advanced level of competence.
  • Strong risk, process, and control validation and/or assessment skills.
  • Advanced knowledge of technical risk management best practices and how to implement them.
  • A keen sense of attention to details with a passion for impeccable documentation while having the ability to multi-task and adapt/adjust to multiple demands and competing priorities
  • A high degree of intellectual curiosity to research, study and assess technical documentation to support oversight activities
  • A team player who can coordinate and drive consensus among different teams and stakeholders having varying view points
  • Ability to convey a sense of urgency and drive issues/projects to closure.
  • Excellent written and oral communication skills.
  • Excellent analytical, organizational and project management skills.
  • Resilient Security Architecture
  • Identity and Access Management
  • Network / Firewall Management
  • Vulnerability and Patch Management
  • Cloud Security Architecture
  • Secure Application Development / Containerization
  • Encryption / Tokenization
  • Data Loss Prevention
  • Security Logging and Monitoring
  • Incident Detection and Response Management
  • Offensive Security
  • Strong understanding of multiple information security and cyber risk domains, and knowledge of industry good practice standards
  • Experience with execution of technology & cyber risk oversight programs, preferably in a 2nd or 3rd line of defense
  • Demonstrated ability to coordinate oversight activities across different teams
  • Knowledge of current and evolving regulatory requirements and industry best practices in technology and cybersecurity risk management
  • Strong experience as a team player, adaptability and flexibility
  • Professional and practitioner experience of 9+ years in one or more areas of cybersecurity risk management roles in a matrix organization
  • Experience in Cybersecurity risk consulting in the financial services sector, Cyber security audit, Chief Information Security Office or in a similar second line of defense role is highly preferred
  • Experience within a highly regulated environment such as the financial services industry and knowledge of the current and evolving regulatory landscape is necessary
  • Professional Certifications in Cybersecurity. Req.
  • Professional Certifications in Cloud Security (AWS, Azure). Pref

Nice To Haves

  • Established work history or equivalent demonstrated through a combination of work experience, training, military service, or education.
  • Experience in Microsoft Office products.

Responsibilities

  • Establish themselves as one of the second line of defense subject matter experts for key stakeholders in the management of cybersecurity and technology risks across all operating entities
  • Identify and assess cybersecurity risks and participate in the independent and ongoing risk oversight of key technology components of the firm’s digital transformation initiatives.
  • Participate in evaluation of new products / Business changes / projects and assess related cybersecurity risks and impact to the technology risk profile
  • Participate in the evaluation and management of cybersecurity risks related to third-party suppliers involved in technology and business projects
  • Manage and execute targeted risk reviews designed to evaluate information security risks and their effective and sustainable mitigation
  • Perform review and challenge of first line of defense information security risk management processes, data and outcomes (e.g. risk assessments, control evaluations, risk metrics, mitigation plans, risk acceptances etc.) and support the development of risk opinions for various levels of management
  • Analyze information security / cyber risk data from various sources (e.g. external events, control deficiencies, risk register etc.) to identify and measure levels of risk, concentration, trends and patterns
  • Develop the AI Use case Information security assessment framework from 2nd line perspective and perform assessments for a variety of use cases.
  • Contribute to the updating of existing information security policies and framework or develop new ones that steer the safe and sound adoption of technologies across the organization
  • Monitor external trends and evaluate potential impacts to business strategy; provide documented analytical insights of the cyber risk horizon, while ensuring a sound operational and compliance control environment through establishment of a system of effective and sustainable internal controls
  • Be able to analyze, assess and advise on remediation of regulatory findings, correction of any inconsistencies and monitors resolution
  • Prepare information to enable governance committees / working groups in the management oversight of cybersecurity and technology risks
  • Support process for constructive engagement across the Lines of Defense regarding differences or conflicts in risk appetite, risk metric determination or evaluation, issue severity or other areas of dispute
  • Initiate timely escalations to the Sr. Director, Cyber & Digital Risk and to the leadership team

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

Job Search Resources

Similar Senior Associate, Cyber and Digital Risk Management job opportunities

Senior Associate, Cyber and Digital Risk Management
Santander
Santander • Dallas, TX2d • $93,750 - $165,000
Cyber Risk Management Specialist
steampunk
steampunk • McLean, VA10d • $100,000 - $150,000
Cyber Risk Management Specialist
steampunk
steampunk • McLean, VA3d
Market Risk Associate - Cryptocurrency and Digital Assets
JPMorgan Chase
JPMorgan Chase • New York, NY4d
Cyber Intelligence Senior Associate
JPMorganChase
JPMorganChase • Plano, TX1d
Senior Cyber Risk Analyst
Veteran Benefits Guide
Veteran Benefits Guide • Enterprise, NV1d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service